Table of Contents
use_domain
(integer)
match_mode
(integer)
db_url
(String)
userblocklist_table
(String)
userblocklist_id_col
(string)
userblocklist_username_col
(string)
userblocklist_domain_col
(string)
userblocklist_prefix_col
(string)
userblocklist_allowlist_col
(string)
globalblocklist_table
(String)
globalblocklist_id_col
(string)
globalblocklist_prefix_col
(string)
globalblocklist_allowlist_col
(string)
globalblocklist_description_col
(string)
List of Examples
use_domain
parametermatch_mode
parameterdb_url
parameteruserblocklist_table
parameteruserblocklist_id_col
parameteruserblocklist_username_col
parameteruserblocklist_domain_col
parameteruserblocklist_prefix_col
parameteruserblocklist_allowlist_col
parameterglobalblocklist_table
parameterglobalblocklist_id_col
parameterglobalblocklist_prefix_col
parameterglobalblocklist_allowlist_col
parameterglobalblocklist_description_col
parametercheck_user_blocklist
usagecheck_user_allowlist
usagecheck_blocklist
usagecheck_allowlist
usageuserblocklist.reload_blocklist
usagereload_blocklist
usagedump_blocklist
usagecheck_blocklist
usagecheck_allowlist
usagecheck_userblocklist
usagecheck_userallowlist
usageTable of Contents
use_domain
(integer)
match_mode
(integer)
db_url
(String)
userblocklist_table
(String)
userblocklist_id_col
(string)
userblocklist_username_col
(string)
userblocklist_domain_col
(string)
userblocklist_prefix_col
(string)
userblocklist_allowlist_col
(string)
globalblocklist_table
(String)
globalblocklist_id_col
(string)
globalblocklist_prefix_col
(string)
globalblocklist_allowlist_col
(string)
globalblocklist_description_col
(string)
The userblocklist module allows Kamailio to handle blocklists on a per user basis. This information is stored in a database table, which is queried to decide if the number (more exactly, the request URI user) is blocklisted or not.
An additional functionality that this module provides is the ability to handle global blocklists. This lists are loaded on startup into memory, thus providing a better performance than the userblocklist case. These global blocklists are useful to allow only calls to certain international destinations, i.e. block all not allowlisted numbers. They could also be used to prevent the blocklisting of important numbers, as allowlisting is supported too. This is useful for example to prevent the customer from blocking emergency call number or service hotlines.
The module exports four functions, check_blocklist
,
check_allowlist
,
check_user_blocklist
and check_user_allowlist
for usage in the configuration file. Furthermore it provides a MI function to
reload the global blocklist cache.
Please note that only numerical strings for matching are supported at the moment (the used library supports this already, but its not yet implemented in the module). Non-digits on the beginning of the matched string are skipped, any later non-digits will stop the matching on this position.
The module depends on the following modules (in the other words the listed modules must be loaded before this module):
database -- Any db_* database module
If set to non-zero value, the domain column in the userblocklist table is used.
Default value is “0”.
The number of individual characters that are used for matching. Valid values are 10 or 128. When you specify 10, only digits will be used for matching, this operation mode is equivalent to the old behaviour. When configured with 128, all standard ASCII chars are available for matching. Please be aware that memory requirements for storing the routing tree in shared memory will also increase by a factor of 12.8.
Default value is “10”.
URL to the database containing the data.
Default value is “mysql://kamailioro:kamailioro@localhost/kamailio”.
Example 1.3. Set db_url
parameter
... modparam("userblocklist", "db_url", "dbdriver://username:password@dbhost/dbname") ...
Name of the userblocklist table for the userblocklist module.
Default value is “userblocklist”.
Example 1.4. Set userblocklist_table
parameter
... modparam("userblocklist", "userblocklist_table", "userblocklist") ...
unique ID
Example 1.5. Set userblocklist_id_col
parameter
... modparam("userblocklist", "userblocklist_id_col", "id") ...
The user that is used for the blocklist lookup.
Example 1.6. Set userblocklist_username_col
parameter
... modparam("userblocklist", "userblocklist_username_col", "username") ...
The domain that is used for the blocklist lookup.
Example 1.7. Set userblocklist_domain_col
parameter
... modparam("userblocklist", "userblocklist_domain_col", "domain") ...
The prefix that is matched for the blocklist.
Example 1.8. Set userblocklist_prefix_col
parameter
... modparam("userblocklist", "userblocklist_prefix_col", "prefix") ...
Specify if this is a blocklist (0) or an allowlist (1) entry.
Example 1.9. Set userblocklist_allowlist_col
parameter
... modparam("userblocklist", "userblocklist_allowlist_col", "allowlist") ...
Name of the globalblocklist table for the userblocklist module. Please note that this table is used when the check_blocklist function is called with no parameters.
Default value is “globalblocklist”.
Example 1.10. Set globalblocklist_table
parameter
... modparam("userblocklist", "globalblocklist_table", "globalblocklist") ...
unique ID
Example 1.11. Set globalblocklist_id_col
parameter
... modparam("userblocklist", "globalblocklist_id_col", "id") ...
The prefix that is matched for the blocklist.
Example 1.12. Set globalblocklist_prefix_col
parameter
... modparam("userblocklist", "globalblocklist_prefix_col", "prefix") ...
Finds the longest prefix that matches the request URI user (or the number parameter) for the given user and domain name in the database. If a match is found and it is not set to allowlist, false is returned. Otherwise, true is returned. Pseudo-variables or AVPs can be used for the user, domain and number parameters. The number and table variables are optional, the defaults are used if they are omitted. The number parameter can be used to check for example against the from URI user.
Example 1.15. check_user_blocklist
usage
... $avp(i:80) = $rU; # rewrite the R-URI if (!check_user_blocklist("$avp(i:80)", "$avp(i:82)")) { sl_send_reply("403", "Forbidden"); exit; } ...
Finds the longest prefix that matches the request URI user (or the number parameter) for the given user and domain name in the database. If a match is found and it is set to allowlist, true is returned. Otherwise, false is returned. Pseudo-variables or AVPs can be used for the user, domain and number parameters. The number and table variables are optional, the defaults are used if they are omitted. The number parameter can be used to check for example against the from URI user.
Example 1.16. check_user_allowlist
usage
... $avp(i:80) = $rU; # rewrite the R-URI if (!check_user_allowlist("$avp(i:80)", "$avp(i:82)")) { # process request exit; } ...
Finds the longest prefix that matches the request URI for the given table. If a match is found and it is not set to allowlist, false is returned. Otherwise, true is returned. If no table is given, then globalblocklist_table is used.
Example 1.17. check_blocklist
usage
... if (!check_blocklist("globalblocklist")) { sl_send_reply("403", "Forbidden"); exit; } ...
Finds the longest prefix that matches the request URI for the given table. If a match is found and it is set to allowlist, true is returned. Otherwise, false is returned.
Example 1.18. check_allowlist
usage
... if (!check_allowlist("globalblocklist")) { sl_send_reply("403", "Forbidden"); exit; } ...
Reload the internal global blocklist cache. This is necessary after the database tables for the global blocklist have been changed.
Dumps the default, in memory, global_blocklist content to stdout. Note that a reload_blocklist should be issued before, in order to see the latest content of the database.
Searches in the default, in memory, global list. Finds the longest prefix that matches the given prefix parameter. Returns true if the prefix is found and the allowlist is not set. Returns false otherwise - either prefix found and allowlist set or prefix not found. Note that a reload_blocklist should be issued before, in order to check through the latest content of the database.
Example 1.22. check_blocklist
usage
... kamctl fifo reload_blocklist kamctl fifo check_blocklist prefix ...
Searches in the default, in memory, global list. Finds the longest prefix that matches the given prefix parameter. Returns true if the prefix is found and the allowlist is set. Returns false otherwise - either prefix found and allowlist not set or prefix not found. Note that a reload_blocklist should be issued before, in order to check through the latest content of the database.
Example 1.23. check_allowlist
usage
... kamctl fifo reload_blocklist kamctl fifo check_allowlist prefix ...
Searches in the default user list table. Finds the longest prefix for the given user@domain that matches the given prefix parameter. Returns true if the prefix is found and the allowlist is not set. Returns false otherwise - either prefix found and allowlist set or prefix not found. Note that the domain parameter is optional. If not given, the second parameter is the considered to be the prefix.
Example 1.24. check_userblocklist
usage
... kamctl fifo check_userblocklist user [domain] prefix ...
Searches in the default user list table. Finds the longest prefix for the given user@domain that matches the given prefix parameter. Returns true if the prefix is found and the allowlist is set. Returns false otherwise - either prefix found and allowlist not set or prefix not found. Note that the domain parameter is optional. If not given, the second parameter is the considered to be the prefix.
Example 1.25. check_userallowlist
usage
... kamctl fifo check_userallowlist user [domain] prefix ...
Before running Kamailio with the userblocklist module, you have to setup the database table where the module will read the blocklist data. For that, if the table was not created by the installation script or you choose to install everything by yourself you can use the userblocklist-create.sql SQL script in the database directories in the kamailio/scripts folder as template. Database and table name can be set with module parameters so they can be changed, but the name of the columns must be as they are in the SQL script. You can also find the complete database documentation on the project webpage, https://www.kamailio.org/docs/db-tables/kamailio-db-devel.html.
Example 1.26. Example database content - globalblocklist table
... +----+-----------+-----------+ | id | prefix | allowlist | +----+-----------+-----------+ | 1 | | 0 | | 2 | 1 | 1 | | 3 | 123456 | 0 | | 4 | 123455787 | 0 | +----+-----------+-----------+ ...
This table will setup a global blocklist for all numbers, only allowing calls starting with “1”. Numbers that starts with “123456” and “123455787” are also blocklisted, because the longest prefix will be matched.
Example 1.27. Example database content - userblocklist table
... +----+----------------+-------------+-----------+-----------+ | id | username | domain | prefix | allowlist | +----+----------------+-------------+-----------+-----------+ | 23 | 49721123456788 | | 1234 | 0 | | 22 | 49721123456788 | | 123456788 | 1 | | 21 | 49721123456789 | | 12345 | 0 | | 20 | 494675231 | | 499034133 | 1 | | 19 | 494675231 | test | 499034132 | 0 | | 18 | 494675453 | test.domain | 49901 | 0 | | 17 | 494675454 | | 49900 | 0 | +----+----------------+-------------+-----------+-----------+ ...
This table will setup user specific blocklists for certain usernames. For example for user “49721123456788” the prefix “1234” will be not allowed, but the number “123456788” is allowed. Additionally a domain could be specified that is used for username matching if the “use_domain” parameter is set.